The postings on this site solely reflect the personal views of each author and do not necessarily represent the views, positions, strategies or opinions of IBM or IBM management. IBM reserves the right to remove content deemed inappropriate.

Introduction to IBM API Management

Simon Dickerson is a Technical Sales Engineer for IBM covering IBM API Management, Cast Iron cloud integration and mobile application development with IBM Worklight. He has an engineer degree and has worked with a broad range of computing technologies and focuses on the benefits of technology to the end user.

APIs have been around for a long time but gone unnoticed because they were the preserve of the few people who created and needed them for integration and for applications.

With the rise of the internet and mobile working, applications (apps) have become much more prominent, available and numerous, generally being functionally very specific or limited. Those apps require data, and that data comes from calling an API. Companies, therefore, are now in the position of needing to make APIs available, whether it is for developing apps for internal use only or to expose their data publicly. But they can’t just go ‘here you are, here’s our API’. There needs to be control. And those APIs , whether publicly available or not, need some care and attention; they need to be treated as a product, because if something goes wrong then damage to the company’s reputation will most likely occur and sometimes some things much worse.

The answer to this need for control is to implement an API Management solution. IBM API Management is IBM’s offering and it comes either as an on-premise solution or cloud hosted. I have been on the team writing the first IBM Redbooks Publication on API Management and have just finished the chapter introducing the product.

API Management is not just about the creation of APIs. It is about the packaging, distribution and control of those APIs and the analysis of how they are used. Key aspects in this could be summarized as follows:

Creation/Capability

It might seem obvious that creating APIs is a fundamental capability but those APIs have to be designed correctly. And not just that, they need to be updated so an API lifecycle and versioning control needs to be in place. Updating an API could mean the applications using that API will be broken. When releasing an API you can proxy to an existing service or create new APIs which might, for example, aggregate and filter data from more than one data source.

Security

Security is paramount not just to protect the back end data sources from attack but to ensure that APIs are not misused. Security such as API entitlements/rate limiting, basic authentication, OAuth and LDAP are all necessary. A security gateway is a mandatory requirement.

Performance

It goes without saying that APIs need to perform. Generally APIs are created for the development of applications and if the user experience is poor then they are not going to be used. In the global environment latency is the key and this might mean deployment over many data centers. Depending upon the API call volumes might be in the many millions per month but it is the peak that has to be managed for and this in some circumstances (think of new product promotions or global news events) might be hundreds of thousands of calls in an hour. Like security, caching is vital.

API Release/Publication

Once you have a nice secure API you need to release it to the app developers. Simple! Not quite. An app developer needs documentation, examples, and the ability to sign up to the entitlements. They need to know terms and conditions, where to go for support and so on. All of this requires a developer portal.

Analytics

It’s always good to understand what is happening and analytics should give you that. This isn’t just about what apps are out there, the devices the number of API calls or how long it takes for each API call to run. Business information is vital. You’ll want to analyze the content, what are people asking for and what do they do when they’ve got the information.

Releasing an API requires consideration of a number of factors as indicated above. The IBM API Management solution addresses these and the IBM Redbooks Publication covers the theory as well as a practical implementation. Check it out.